Total
5480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0760 | 1 Team5 | 1 Team Board | 2025-04-09 | 5.0 MEDIUM | N/A |
| Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb. | |||||
| CVE-2008-0135 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | 5.0 MEDIUM | N/A |
| Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb. | |||||
| CVE-2007-6645 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability." | |||||
| CVE-2009-2606 | 1 Brainjar | 1 Asp Football Pool | 2025-04-09 | 5.0 MEDIUM | N/A |
| ASP Football Pool 2.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for NFL.mdb. | |||||
| CVE-2008-4545 | 1 Cisco | 1 Unity | 2025-04-09 | 4.0 MEDIUM | N/A |
| Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory. | |||||
| CVE-2009-0899 | 1 Ibm | 3 Integrated Solutions Console, Websphere Application Server, Websphere Portal | 2025-04-09 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors. | |||||
| CVE-2009-0732 | 1 Lingx | 1 Downloadcenter | 2025-04-09 | 5.0 MEDIUM | N/A |
| Downloadcenter 2.1 stores common.h under the web root with insufficient access control, which allows remote attackers to obtain user credentials and other sensitive information via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2453 | 1 Citrix | 2 Presentation Server, Xenapp | 2025-04-09 | 7.5 HIGH | N/A |
| Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors. | |||||
| CVE-2007-0981 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 7.5 HIGH | N/A |
| Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. | |||||
| CVE-2008-3172 | 1 Opera | 1 Opera | 2025-04-09 | 6.8 MEDIUM | N/A |
| Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." | |||||
| CVE-2008-0664 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 6.4 MEDIUM | N/A |
| The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors. | |||||
| CVE-2007-4390 | 1 Bluecat Networks | 1 Adonis | 2025-04-09 | 7.2 HIGH | N/A |
| The Command Line Interface (CLI), aka Adonis Administration Console, on the BlueCat Networks Adonis DNS/DHCP appliance 5.0.2.8 allows local admin users to gain root privileges on the underlying operating system via shell metacharacters in a command. | |||||
| CVE-2008-4698 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.8 MEDIUM | N/A |
| Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds. | |||||
| CVE-2008-2349 | 1 Zomp | 1 Zomplog | 2025-04-09 | 7.5 HIGH | N/A |
| Zomplog 3.8.2 and earlier allows remote attackers to gain administrative access by creating an admin account via a direct request to install/newuser.php with the admin parameter set to 1. | |||||
| CVE-2008-2940 | 1 Hp | 1 Linux Imaging And Printing Project | 2025-04-09 | 7.2 HIGH | N/A |
| The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message. | |||||
| CVE-2008-6932 | 1 Alstrasoft | 1 Sendit | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in submit_file.php in AlstraSoft SendIt Pro allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in send/files/. | |||||
| CVE-2008-4297 | 1 Mercurial | 1 Mercurial | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request. | |||||
| CVE-2008-4585 | 1 Belong Software | 1 Site Builder | 2025-04-09 | 7.5 HIGH | N/A |
| Belong Software Site Builder 0.1 beta allows remote attackers to bypass intended access restrictions and perform administrative actions via a direct request to admin/home.php. | |||||
| CVE-2008-1592 | 3 Hp, Ibm, Tandem Computers | 3 Nonstop, Websphere Mq, Tandem Operating System | 2025-04-09 | 4.6 MEDIUM | N/A |
| MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels." | |||||
| CVE-2007-5042 | 1 Agnitum | 1 Outpost Firewall | 2025-04-09 | 4.6 MEDIUM | N/A |
| Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtDeleteFile, (3) NtLoadDriver, (4) NtOpenProcess, (5) NtOpenSection, (6) NtOpenThread, and (7) NtUnloadDriver kernel SSDT hooks, a partial regression of CVE-2006-7160. | |||||